Jens-S. Voeckler wrote:
>
> On Fri, 3 Sep 1999, Tilman Schmidt wrote:
>
> ]James Porter (webmaster@aeonflux.net) wrote:
> ]>
> ]> http://3626046468/ or http://3518332314/
> ]
> ]That's an old bug in the inet_aton() function traceroute and many
> ]other programs use to convert the dotted-quad form of IP addresses
> ]into the internal form: it accepts syntactically incorrect input
> ](like the dotless numbers you listed) and makes a valid IP address
> ]from it. As this bug has security implications (there are programs
> ]which assume that if a hostname doesn't contain a dot then it must
> ]be in the local domain) you should be grateful that Squid does not
> ]have it!
>
> That is wrong, Squid uses the system's resolver library, and if your
> system's resolver supports it, Squid does support it. Which is true for
> most resolvers. And it is not a bug of the resolver, but a "feature". Just
> typing "12." is a shortcut meaning "12.0.0.0", and "12.1" a shortcut for
> "12.0.0.1", etc.
Read again what he sait. Dotless IP addresses being accepted is a bug.
IP addresses in all standards needs to have dots. Internet standard is
Quad-IP with quad decimal octets separated by dots. BSD standard (I
think, I have never seen it fully documented) is at least one dot to
separate network address from host address.
-- Henrik Nordstrom Spare time Squid hackerReceived on Fri Sep 03 1999 - 12:31:04 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:48:15 MST